[e-privacy] Riconoscibilita` potenziale e associabilita`

Andrea Glorioso sama at miu-ft.org
Sat Apr 16 16:44:44 CEST 2005 

Cari tutti,

come  forse alcuni di  voi  gia` sapranno, in  occasione  del convegno
BILETA 2005 (http://www.law.qub.ac.uk/bileta2005/) e` stato presentato
un  paper, autori Gianni Bianchini,  Marco Calamari e Andrea Glorioso,
intitolato "Today  is    the tomorrow we   should   have worried about
yesterday: a proposal for  an Italian law regulating usage,  retention
and deletion   of  georeferenced and   chronoreferenced  automatically
collected data containing unique user identifiers"; l'abstract e`:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The necessity of   regulating automatic data  collection is incredibly
urgent  today.  A large part of  data collections, even though they do
not  directly  contain  personal  or sensitive  data,  allow for their
inference  through   cross-referencing of  other   data bases, usually
anagraphical or commercial information.

Current  examples of such  data collections  are web  server logs, GSM
positional cell data and RFID data.  More generally, all georeferenced
or chronoreferenced data collections  that  contain UUID (unique  user
identifiers) easily allow for inferring personal and/or sensitive data
using one or more of those features as "master keys".

These  data are  usually collected for  specific  purposes but can  be
easily  cross-referenced, and  as such  they  are destined to multiply
themselves as information  technologies deeply  enter the most  common
spheres of our everyday life.

The serious dangers  that such data collections  pose to the  right to
privacy of individuals are doomed to rise exponentially.  Therefore, a
regulation regarding this  kind of data   collections is desirable  to
counter  the  impact of new  technologies  on personal privacy without
negatively affecting their diffusion and positive effects. [Brown2004]

A possible approach to such regulation would be the definition of fair
but mandatory data retention terms [Calamari2004], with the additional
requirement   that  collected  data be   used  for their  primary goal
only.  Exceptions to  the  above requirements  should  be  allowed but
should  be reported to   the national  Privacy   Authority.  Moreover,
suitable standards  concerning  data  deletion  procedures  should  be
formalised [Calamari2003].

Such a  regulation  would  thus  cover  all  data collections obtained
through RFID [Bianchini2004], GSM cell data, web logs and all types of
potential  data collection  means, such  as  wireless  networks.  This
would allow for the   anticipation of several  kinds of  problems, and
avoid  "post facto"  interventions  on  passively accepted  situations
which every new technology necessarily creates.

This paper discusses a law proposal [WSP2004] developed by the Winston
Smith Project[1]  which will be submitted  to the  Italian legislative
bodies in a  forthcoming future.  The  data retention issues that this
law proposal  will   consider   are  investigated,  as   well  as  the
relationships of the proposal itself with the  existing Italian law on
privacy.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Non  sto mandando questa mail per  bieca  autopromozione di gruppo, ma
perche` riflettendo sugli argomenti trattati nel paper (anche in vista
di una  sua  successiva pubblicazione,   che avverra`  comunque su  un
giornale Open Access) mi e` sorto un dubbio.

In  che  misura  il concetto di   anonimato  presente nel   T.U., e in
particolare la condizione che non sia "semplice" associare un elemento
di  per se` non identificato con   l'identita` del soggetto (in questa
valutazione potrebbero ricadere o   meno le pratiche di  `data mining'
che sono oggetto del paper) sostanzia e  risolve le richieste avanzate
dalla proposta di legge del  Progetto Winston Smith (anch'esso oggetto
del paper)?

Durante l'intervento di Malta, uno degli astanti segnalo` proprio come
il   concetto  di     "riconoscibilita`    potenziale",   e   relativa
regolamentazione,  del dato  - desumibile a  suo dire  dal T.U.  - sia
sufficiente per dare garanzie equivalenti a quelle  che la proposta di
legge del PWS richiede.

Ogni opinione e contributo sul tema e` apprezzato.

Ciao,

--
Andrea Glorioso             sama at miu-ft.org         +39 333 820 5723
        .:: Media Innovation Unit - Firenze Tecnologia ::.
	      Conquering the world for fun and profit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20050416/99e36a28/attachment.pgp>

More information about the E-privacy mailing list